Resolve the "correlated variables" problem in value tracking
In some code constructs, value tracking can become confused by mutually-exclusive code paths. This is also known as the "correlated variables" problem, and can cause erroneous Warning 661 (pointer access out of bounds) alerts.
I'd like to see PC-Lint be given the ability to determine mutually-exclusive code paths and remove these spurious warnings.
The following code sample demonstrates this:
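#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* PC-Lint option comments from the original report bracket the struct:
 * the flags are raised here and lowered again right after it. */
/*lint ++fan ++fas*/
typedef struct {
    uint8_t One0[2];
    uint8_t Two;
    uint8_t One2[2];
} DATA_TYPE;
/*lint --fas --fan*/

typedef enum { CLASS_ONE, CLASS_TWO } DATA_CLASS;

/**
 * Set or clear the bits of `mask` in one byte of `*as`.
 *
 * For CLASS_ONE, `byte` indexes the logical concatenation of One0 and One2
 * (indices 0..3); for CLASS_TWO it indexes the single byte Two (index 0).
 *
 * @param as    Structure to modify. It is dereferenced without a NULL check,
 *              so the caller must pass a valid pointer.
 * @param type  Which member group `byte` refers to.
 * @param byte  Byte index within the selected group.
 * @param mask  Bits to set or clear.
 * @param state true to OR the mask in, false to clear the masked bits.
 * @return true if a byte was modified; false if `type` is unknown or `byte`
 *         is out of range for the selected group (nothing is written then).
 *
 * Why this is the "correlated variables" case: `pset` and `ofs` are always
 * assigned as a pair, and every path that reaches the final access has
 * already bounded `ofs` against the array `pset` points to. A checker that
 * tracks the two variables independently can pair the `ofs` range of one
 * path with the `pset` of another and report an out-of-bounds access that
 * cannot happen.
 */
bool SetOrClear(DATA_TYPE *as, const DATA_CLASS type, const size_t byte, const uint8_t mask, const bool state)
{
    uint8_t *pset;
    size_t ofs;

    switch (type) {
    case CLASS_ONE:
        if (byte < sizeof(as->One0)) {
            /* Path A: ofs < sizeof One0, pset -> One0. */
            pset = as->One0;
            ofs = byte;
        } else {
            /* byte >= sizeof One0 here, so the subtraction cannot wrap. */
            ofs = byte - sizeof(as->One0);
            if (ofs >= sizeof(as->One2)) {
                return false;
            }
            /* Path B: ofs < sizeof One2, pset -> One2. */
            pset = as->One2;
        }
        break;
    case CLASS_TWO:
        if (byte >= sizeof(as->Two)) {
            return false;
        }
        /* Path C: ofs == 0, pset -> the single byte Two. */
        pset = &as->Two;
        ofs = byte;
        break;
    default:
        /* Unknown class: leave before pset/ofs would be read unassigned. */
        return false;
    }

    /* Reached only via paths A, B or C, each with ofs in range for its own
     * pset. Presumably this is where the spurious Warning 661 is raised. */
    if (state) {
        pset[ofs] |= mask;
    } else {
        pset[ofs] &= ~mask;
    }
    return true;
}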